Re: [exim-dev] crypt, crypt16, and bigcrypt - worth changing…

Author: Kjetil Torgrim Homme
Date:  
To: exim-dev
Subject: Re: [exim-dev] crypt, crypt16, and bigcrypt - worth changing?
On Tue, 2006-09-12 at 14:37 +0100, Philip Hazel wrote:
> However, the first question is: should any change be made? I don't
> recall anybody reporting problems, and I suspect that the world is
> moving on to other encryption methods such as {sha1} these days.


I think it's more common to stick to {crypt}, but crypt(3c) is more
clever these days and is extensible in itself. From /etc/shadow on a
typical Linux system:

$1$Bn7P0ASN$baWgRvs/4RPe1q8Ba12Ky0

As you can see, it's longer than the traditional crypt strings, and it's
separated into fields with dollar signs. $1 means use the algorithm
"salted MD5", the salt comes next, and finally the crypted password.
*BSD and Solaris support this scheme, too. (I think it actually
originated on FreeBSD, but don't shoot me if that's the wrong
attribution.)

I don't think you should worry too much about bigcrypt and other weird
extensions. Just make sure you pass along the _whole_ password to
crypt(3c), not just the first 8 characters. crypt(3c) will chop off
excess characters itself if need be.

--
Kjetil T.
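
The field layout described in this message, as an added example that is not part of the original post or of Exim's code: a small C parser that splits a stored crypt(3) string into scheme id, salt and hash, and also recognises the traditional 13-character form (2 salt characters followed by 11 hash characters). The names parse_crypt, crypt_fields and SCHEME_* are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Added example; all names here are hypothetical, not Exim's. */
enum scheme { SCHEME_INVALID, SCHEME_TRADITIONAL, SCHEME_MODULAR };

struct crypt_fields {
    enum scheme scheme;
    char id[8];       /* "1" means salted MD5, per the message above */
    char salt[32];
    char hash[128];
};

/* Alphabet used by traditional crypt strings. */
static const char B64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Copy n bytes from s into dst if non-empty and it fits; 0 on success. */
static int take(char *dst, size_t cap, const char *s, size_t n) {
    if (n == 0 || n >= cap) return -1;
    memcpy(dst, s, n);
    dst[n] = '\0';
    return 0;
}

struct crypt_fields parse_crypt(const char *stored) {
    struct crypt_fields f;
    memset(&f, 0, sizeof f);
    if (stored[0] == '$') {   /* three-field layout: $id$salt$hash */
        const char *id = stored + 1;
        const char *d2 = strchr(id, '$');
        const char *d3 = d2 ? strchr(d2 + 1, '$') : NULL;
        if (d3 && take(f.id, sizeof f.id, id, (size_t)(d2 - id)) == 0
            && take(f.salt, sizeof f.salt, d2 + 1, (size_t)(d3 - d2 - 1)) == 0
            && take(f.hash, sizeof f.hash, d3 + 1, strlen(d3 + 1)) == 0)
            f.scheme = SCHEME_MODULAR;
        return f;             /* scheme stays SCHEME_INVALID on any failure */
    }
    if (strlen(stored) == 13 && strspn(stored, B64) == 13) {
        take(f.salt, sizeof f.salt, stored, 2);
        take(f.hash, sizeof f.hash, stored + 2, 11);
        f.scheme = SCHEME_TRADITIONAL;
    }
    return f;
}

int main(void) {   /* input is the /etc/shadow string quoted in the message */
    struct crypt_fields f = parse_crypt("$1$Bn7P0ASN$baWgRvs/4RPe1q8Ba12Ky0");
    printf("scheme=%d id=%s salt=%s hash=%s\n", f.scheme, f.id, f.salt, f.hash);
    return 0;
}
```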